Candidate's Name
Street Address Princeton CT, Hampton GA
Phone: PHONE NUMBER AVAILABLE
Email: EMAIL AVAILABLE

SUMMARY

Experienced and driven IT professional with expertise in cyber security processes and policies. Proven track record in researching, analyzing, designing, testing, and implementing advanced computer network security technologies. Committed to delivering results and dedicated to safeguarding digital assets, mitigating risks, and addressing challenges in the ever-evolving threat landscape.

SKILLS

- Advanced Threat Protection
- Network Security Monitoring
- Cyber Kill Chain
- MITRE ATT&CK Framework
- Vulnerability Scanning
- Risk Management Framework
- Malware Analysis
- Incident Response
- Endpoint Protection
- Data Loss Prevention
- Disaster Recovery
- Vulnerability Management Assessment
- DevOps Operational Control and Rigor
- Agile and Waterfall SDLC
- Identity and Access Management
- Enterprise Risk Management
- Incident Response Planning and Execution
- Forensic Analysis and Investigation
- Email Security: DKIM, DMARC, SPF
- Threat Intelligence Integration
- Security Incident Documentation and Reporting

TECHNICAL SUMMARY

Cyber Security SIEM: Splunk, QRadar, Kibana, Palo Alto XSOAR
Endpoint Device: Cisco AMP for Endpoints, Cisco Umbrella, Cisco Threat Response, Cisco IronPort, Microsoft 365 ATP, Microsoft Azure Cloud App Security, CrowdStrike, Carbon Black
Cloud: AWS Security, Prisma Cloud, Microsoft Azure for Cloud App
Pentest Tools: Wireshark, Kali, Metasploit, Nmap
Vulnerability Tools: Nessus, Qualys, Nexpose, Nmap, Rapid7
Systems: Windows (all), VMware, macOS and Linux
Networking: LANs, WANs, VPN, Routers, Firewalls, TCP/IP, Google Workspace Admin
Security Tools: Palo Alto, Symantec, pfSense, Wireshark, ESET, Panorama, Akamai, Resecurity, Cofense, Proofpoint, Swimlane, Jamf, NinjaOne, JumpCloud, Cyberhaven
Ticketing: Remedy, ServiceNow
Security Framework: NIST 800 series, COBIT, SOX, HIPAA, PSI RMF, PCI DSS, HITRUST
Open-Source Tools: VirusTotal, RiskIQ, X-Force Exchange, Abuse IP, CyberChef, MX tools, ThreatConnect, OSINT Framework, etc.
Scripting Language: SQL, YARA, PowerShell
PROFESSIONAL EXPERIENCE

Information Security/Audit Analyst, January 2023 - PRESENT
TechGenie Consulting LLC (Decatur)

- Identified and investigated potential security threats by analyzing network traffic, system logs, and security alerts using tools such as Wireshark, Splunk Security, etc.
- Leveraged Palo Alto XSOAR for network security, proficiently overseeing and analyzing network traffic to identify and address potential security incidents.
- Developed and implemented proactive threat hunting strategies to detect and mitigate advanced threats before they could impact the organization, leveraging tools like OpenDoc and YARA for IOC detection.
- NIST Cybersecurity Framework (RMF), 800-171, 800-53, CIS Critical Security Controls, SOC1, SOC2, CIA, CSA CCM, CISv7.
- Conducted in-depth analysis of suspicious activities and anomalies to identify patterns and indicators of compromise (IOCs) with the help of tools like CrowdStrike.
- Investigated and remediated data loss incidents using solutions such as Code42 and Box Shield to prevent the unauthorized transmission of sensitive data by insiders.
- Conducted dynamic and static malware analysis using sandbox environments (Cuckoo Sandbox, Joe Sandbox, VMRay Analyzer) and tools such as disassemblers (IDA Pro, Ghidra) and debuggers (OllyDbg, WinDbg).
- Identified and documented malware characteristics, including file hashes, persistence mechanisms, command-and-control (C2) infrastructure, and evasion techniques, to enhance threat intelligence databases.
- Analyzed system logs, including event logs, firewall logs, and web server logs, using tools such as Splunk, Palo Alto Panorama, Akamai, and SecureWorks to detect and investigate security incidents and anomalies.
- Led the implementation of effective log monitoring and correlation rules in Splunk to swiftly detect and respond to suspicious activities such as brute force attacks and malware infections.
- Utilized NinjaOne RMM and Jamf remote management tools to execute compliance activities efficiently.
- Verified installation and functionality of compliance measures such as JumpCloud sensors, VPN configurations, and CrowdStrike installations.
- Ensured accurate reporting to JumpCloud and other relevant platforms, maintaining data integrity.
- Conducted audits to confirm required device numbers on cloud-based operating systems.
- Initiated timely remediation actions to address identified discrepancies, ensuring compliance consistency.
- Crafted SQL queries to identify potential threats and security anomalies within the database.
- Wrote complex SQL queries for analysis and data extraction during security investigations and incident response.
- Implemented and maintained compliance controls within Cyberhaven's data security platform.
- Monitored DNS traffic and logs for anomalies and indicators of compromise (IOCs) using advanced threat detection tools and techniques.
- Conducted in-depth analysis of DNS-related security events to identify potential threats, including DNS hijacking, DNS tunneling, and domain abuse.
- Leveraged Cyberhaven for data discovery and classification to meet regulatory requirements.
- Conducted compliance assessments and audits using JumpCloud and Cyberhaven tools.
- Generated compliance reports and documentation demonstrating adherence to regulatory standards.
- Configured BitLocker policies and settings via NinjaOne to enforce encryption requirements and ensure compliance with security standards.
- Conducted cloud investigations in AWS and Azure environments, utilizing native security tools like AWS CloudTrail and Azure Monitor to analyze logs and audit trails for security incidents.
- Execute vulnerability assessments using Qualys Guard and Nessus to pinpoint and analyze security loopholes within IT infrastructures.
- Customize scan configurations to maximize coverage and accuracy, ensuring comprehensive identification of vulnerabilities.
- Analyze scan outputs meticulously, categorizing vulnerabilities by severity and potential impact to facilitate prioritized remediation efforts.
- Generate comprehensive reports detailing discovered vulnerabilities along with actionable mitigation strategies.
- Employed cloud-native tools to gather evidence and facilitate incident response, ensuring timely detection and mitigation of unauthorized activities in AWS and Azure environments.
- Conduct security awareness training sessions for staff, cultivating a vigilant security mindset, and utilize platforms like Ninjio or Proofpoint for simulated phishing drills.

Information Security Specialist, June 2021 - December 2022
Kyndryl Holdings, Inc (Austin, Texas)

- Monitored real-time security events utilizing CrowdStrike and Microsoft Defender for endpoint detection and response (EDR) to swiftly identify and mitigate cyber threats, ensuring proactive threat management.
- Analyzed network traffic for malicious or abnormal activity to identify attack vectors, resulting in the prevention of numerous potential breaches.
- Identified adversaries' Tactics, Techniques, and Procedures (TTPs) for technical mitigation strategies, leading to enhanced incident response capabilities and improved security posture.
- Identify and resolve the root cause of security-related problems.
- Built metrics reports and presented them to leadership, facilitating strategic decision-making and resource allocation.
- Implemented Microsoft Intune for identity and access management (IAM), significantly enhancing security measures across various platforms and applications, including Microsoft Azure cloud app.
- Employed Code42 and Box Shield for data loss prevention (DLP), successfully detecting and preventing insider threats through comprehensive data analysis.
- Utilized Palo Alto XSOAR for network security, effectively monitoring and analyzing network traffic to detect and respond to potential security incidents.
- Employed Splunk and Rapid7 for security information and event management (SIEM), enabling real-time monitoring and analysis of security events for proactive threat detection and incident response.
- Led in-depth investigations into security alerts and incidents, ensuring the resilience and integrity of Akamai's systems and data.
- Utilized Resecurity and ESET for malware analysis and threat intelligence, facilitating comprehensive assessment and mitigation of malware threats.
- Implemented Proofpoint for email security, ensuring robust protection against phishing attacks and other email-borne threats, thereby enhancing overall cybersecurity posture.
- Conducted vulnerability assessments according to industry standards (CVE, CVSS, OWASP), resulting in precise identification and prioritization of vulnerabilities for proactive risk mitigation.
- Analyzed Nessus scan results to prioritize identified vulnerabilities based on severity and potential impact on the organization's security posture, leading to targeted remediation efforts.
- Conducted thorough analysis of DNS-related security incidents to identify potential threats and vulnerabilities within the network infrastructure.
- Leveraged DNS logs and traffic analysis tools to detect and investigate suspicious DNS activities indicative of malicious behavior or compromise.
- Generated and distributed detailed reports from Nessus scans, highlighting critical vulnerabilities and tracking remediation progress over time, resulting in improved overall security resilience.
- Implemented Microsoft Intune for centralized IAM, securing access to corporate resources across diverse devices and platforms, thereby strengthening overall security infrastructure.
- Employed endpoint detection and response (EDR) solutions such as CrowdStrike Falcon and Carbon Black to monitor endpoint activities and conduct targeted threat hunting investigations, resulting in the detection and mitigation of various threats across the organization's infrastructure.
- Integrated threat intelligence feeds from VirusTotal and IBM X-Force into proactive threat hunting workflows, enhancing the organization's ability to detect emerging threats and proactively mitigate risks.
- Utilized SIEM platforms such as Splunk and LogRhythm for log data correlation and analysis, successfully identifying security anomalies and suspicious activities through focused threat hunting efforts.
- Conducted malware analysis and reverse engineering using tools like IDA Pro and Ghidra, enabling the identification of malicious code and attack vectors, thereby enhancing threat detection capabilities.
- Employed sandboxing solutions such as Cuckoo and FireEye to analyze malware behavior in isolated environments, uncovering malicious intent and potential impact, thus bolstering overall cybersecurity defenses.
Information Security Engineer, March 2021 - September 2021
Verint Systems (Alpharetta)

- Proactively identified and mitigated incidents, threats, compromises, and vulnerabilities, ensuring continuous protection of organizational assets and data integrity.
- Configured and troubleshot security infrastructure, including Cisco Firewall/ASA, Checkpoint FW, Bluecoat ProxySG, and Cisco IronPort, resulting in optimized defense mechanisms against potential cyber threats.
- Ensured compliance with standards and protected information through risk-based surveillance of organizational information assurance programs, fostering a secure and compliant operational environment.
- Supported a 24/7 SOC environment, ensuring real-time information security and preemptively preventing cyber-attacks from both internal and external sources.
- Monitored and analyzed network traffic, Intrusion Detection Systems (IDS), security events, and logs, utilizing SIEM tools such as Splunk and LogRhythm to detect, analyze, and respond to security events promptly, minimizing potential risks.
- Conducted threat hunts using IOC and IOA data from the research department, enhancing the organization's proactive threat detection capabilities.
- Trained, educated, and mentored new hires on SOPs and security awareness, including providing comprehensive training on identifying and mitigating phishing email attacks, fostering a culture of security awareness within the organization.
- Developed customized Splunk dashboards, visualizations, configurations, reports, and search capabilities, streamlining security monitoring and analysis processes.
- Conducted phishing email analysis and resolved security email alerts swiftly, minimizing the impact of potential email-borne threats.
- Updated existing IAM and provisioning workflows, ensuring alignment with evolving security requirements and best practices.
- Configured and maintained SIM/SIEM tools such as QRadar, Splunk, and Splunk Phantom, centralizing and analyzing security event data for enhanced threat visibility and response capabilities.
- Utilized Cisco AMP and Cisco Threat Grid for malware detection, alerts, protection, and analysis, bolstering the organization's defenses against malicious software.
- Administered Juniper SSL VPN, Websense Web Security, and Cisco IronPort for secure remote access and web filtering, enhancing network security posture.
- Leveraged Cisco Umbrella for domain whitelisting/blacklisting and investigation of IP, URL, and domains against incident and detection policies, strengthening the organization's defense against malicious online activities.
- Used Splunk investigative dashboards for IOC analysis and performed threat hunting for Advanced Persistent Threats (APTs), proactively identifying and neutralizing sophisticated threats.
- Implemented security countermeasures to mitigate threats effectively and escalated incidents to concerned teams for timely resolution, minimizing potential impact.
- Conducted technical analysis of network activity, monitored network flow, and created operational reports for Key Performance Indicators (KPIs) and metrics, facilitating informed decision-making and continuous improvement of security measures.
- Provided timely information on intrusion events, security incidents, and threat indications, enabling swift response and mitigation actions.
- Documented all incident activities and provided status updates during the incident lifecycle, ensuring transparency and accountability throughout the incident response process.
- Installed, configured, migrated, and administered Splunk components, including Search Head, Indexers, Heavy Forwarders, Deployment Server, Cluster Master, and Universal Forwarder on Linux and Windows operating systems, optimizing the functionality and performance of the SIEM platform.
- Applied knowledge of client security policies and procedures to detect and prevent security breaches using SIEM and other monitoring tools, ensuring adherence to established security protocols.
- Correlated data by researching logs, analyzing graphs, and conducting packet inspections to generate detailed reports, providing valuable insights into security posture and potential threats.
- Analyzed IOC and IOA, monitored active channels/dashboards, and created annotations, enhancing the effectiveness of threat detection and response efforts.
- Investigated security breaches to identify root causes and monitored security access for suspicious activity reporting, enabling proactive threat mitigation and prevention of future incidents.

Incident Response Engineer, January 2020 - February 2021
Triumph Interior, GA

- Leveraged Microsoft 365 ATP and CrowdStrike Falcon to discern, investigate, contain, and respond to Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and other anomalies based on incident and detection policies configured within the Endpoint Detection and Response (EDR) system.
- Analyze and escalate events and incidents to SOC Analyst Level for response and resolution.
- Utilized ThreatConnect to conduct comprehensive asset analysis, acquiring critical visibility into potential threats.
- Monitored an array of security layers, including Security Information and Event Management (SIEM) platforms like Splunk, Intrusion Detection System (IDS), Network Monitoring and Response Services, as well as email, web app activities, and databases, ensuring the prompt detection of and response to security incidents.
- Demonstrated adept utilization of Microsoft Azure Security Center for monitoring authentication activities, thereby ensuring a secure cloud environment.
- Implemented identity and access management (IAM) policies and role-based access controls (RBAC) in Microsoft Azure to enforce the principle of least privilege and prevent unauthorized access to cloud resources.
- Supported the Security Operations Center (SOC).
- Monitor security systems and diagnose malware events to ensure no interruption of service.
- Identify potential threats, anomalies, and infections and provide reports to the customers.
- Configured advanced threat protection features in Microsoft Exchange Online to detect and mitigate email-based threats, such as phishing attacks, malware, and spoofed emails, enhancing overall email security posture.
- Integrated Microsoft Exchange Online with Azure Active Directory for seamless user authentication and single sign-on (SSO) capabilities, improving user experience and reducing the risk of credential-based attacks.
- Managed network infrastructure security with precision using Splunk, expertly monitoring, categorizing, and responding to incidents and threats.
- Analyzed SIEM logs from diverse sources such as firewalls (utilizing Palo Alto Networks), IDS, and antivirus solutions, demonstrating proficiency in swiftly identifying and mitigating potential security breaches.
- Conducted thorough analysis of network traffic logs, packet captures, and flow data to detect anomalous behavior, perform network forensics, and identify IOCs, leveraging tools such as Wireshark.
- Resolved Data Loss Prevention (DLP) alerts from Box Shield DLP Manager and Splunk Enterprise Security, ensuring data protection and compliance.
- Utilized Palo Alto Panorama as a central management platform for multiple Palo Alto Networks firewalls, facilitating streamlined incident response across the network infrastructure.
- Utilized Panorama's unified visibility features to monitor and analyze network traffic, security events, and logs from a single interface, enabling prompt detection of anomalies and potential security breaches.
- Demonstrated advanced proficiency in PowerShell scripting for task automation, log analysis, and incident response orchestration.
- Developed PowerShell scripts for real-time event log monitoring, data analysis, and response orchestration.
- Crafted SQL queries to enumerate all imaginable threats and security anomalies existing within the database.
- Used SQL for database security assessment and vulnerability analysis.
- Monitored DNS traffic and logs for anomalies and indicators of compromise (IOCs) using advanced threat detection tools and techniques.
- Conducted in-depth analysis of DNS-related security events to identify potential threats, including DNS hijacking, DNS tunneling, and domain abuse.
- Wrote complex SQL queries for analysis and data extraction during security investigation and incident response.
- Created correlation searches in Splunk to proactively detect cybersecurity threats, augmenting incident response capabilities.
- Conducted real-time Packet Capture (PCAP) analysis of network traffic data to aid in investigations of potentially malicious activity, using tools such as Wireshark.
- Assisted in conducting vulnerability assessments and penetration testing on various systems and applications, employing tools such as Nessus and Burp Suite.
- Provided comprehensive vulnerability assessment reports, including risk ratings, potential impact, and recommended mitigation strategies, to stakeholders and management.
Information Security Analyst, September 2019 - January 2020
Ishglo-One Corp, Frederick, MD

- Spearheaded network traffic analysis using advanced tools such as Wireshark and Splunk, demonstrating exceptional investigative skills to identify and respond to security incidents promptly.
- Conducted thorough EDR analysis with CrowdStrike, ensuring an in-depth comprehension of threat behaviors and enabling prompt implementation of containment measures.
- Utilized SIEM tools, including Palo Alto XSOAR, for efficient incident response, collaborating seamlessly with cross-functional teams to address security events with precision.
- Specialized in insider threat analysis, implementing proactive strategies to detect and prevent internal risks to data security effectively.
- Ensure compliance with standards and protect information through risk-based surveillance of organizational information assurance programs.
- Responsibilities include supporting a 24/7 SOC environment to ensure real-time information security and prevent any cyber-attack from inside and outside the network.
- Monitor and analyze network traffic, Intrusion Detection Systems (IDS), security events, and logs.
- Utilized SIEM tools such as Splunk and LogRhythm to monitor, analyze, and respond to security events, ensuring timely detection and resolution of potential threats.
- Conduct threat hunts using IOC and IOA data from the research department.
- Train, educate, and mentor new hires on SOPs and security awareness, including educating end users on phishing email attacks.
- Develop customized Splunk dashboards, visualizations, configurations, reports, and search capabilities.
- Conduct phishing email analysis and resolve security email alerts.
- Update existing IAM and provisioning workflows.
- Configure and maintain SIM/SIEM tools such as QRadar, Splunk, and ArcSight to centralize and analyze security event data.
- Utilize Cisco AMP and Cisco Threat Grid for malware detection, alerts, protection, and analysis.
- Administer Juniper SSL VPN, Websense Web Security, and Cisco IronPort for secure remote access and web filtering.
- Utilize Cisco Umbrella for domain whitelisting/blacklisting and investigation of IP, URL, and domains against incident and detection policies.
- Use Splunk investigative dashboards for IOC analysis and perform threat hunting for Advanced Persistent Threats (APTs).
- Implement security countermeasures to mitigate threats and escalate incidents to concerned teams.
- Perform technical analysis of network activity, monitor network flow, and create operational reports for Key Performance Indicators (KPIs) and metrics.
- Provide information on intrusion events, security incidents, and threat indications.
- Document all incident activities and provide status updates during the incident lifecycle.
- Install, configure, migrate, and administer Splunk components including Search Head, Indexers, Heavy Forwarders, Deployment Server, Cluster Master, and Universal Forwarder on Linux and Windows operating systems.
- Apply knowledge of client security policies and procedures to detect and prevent security breaches using SIEM and other monitoring tools.
- Correlate data by researching logs, analyzing graphs, and conducting packet inspections to generate detailed reports.
- Analyze IOC and IOA, monitor active channels/dashboards, and create annotations.
- Investigate security breaches to identify root causes and monitor security access for suspicious activity reporting.

Cyber Security Analyst, January 2014 - September 2019
Man Minds Matrix, Ghana

- Conducted thorough analysis of network perimeter tools, including QRadar, to identify and mitigate potential vulnerabilities.
- Experience with SOC and 24/7 operations.
- Executed application analysis using tools like Carbon Black and Kibana to ensure the security of corporate systems and data.
- Utilized EDR analysis techniques, leveraging tools such as Resecurity, to detect and respond to advanced threats promptly.
- Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks & reporting.
- Employed SIEM tools, such as QRadar and Swimlane, for effective incident response and investigation.
- Utilized Box Shield as a primary tool for monitoring and analyzing security events, promptly identifying and responding to potential threats and vulnerabilities.
- Conducted thorough vulnerability assessments using Qualys, applying its advanced features to identify and prioritize vulnerabilities based on business impact and risk.
- Collaborated closely with the IT team, leveraging Qualys insights to develop and implement effective remediation strategies for timely and efficient resolution.
- Played a pivotal role in incident response activities, using Qualys data to investigate and mitigate security incidents effectively.
- Utilized Power BI to create and present comprehensive cybersecurity reports to management, enhancing visibility into the organization's security posture.
- Developed and maintained custom Box Shield policies to align with organizational security objectives and regulatory requirements, ensuring effective threat detection and response.
- Collaborated with incident response teams to investigate security incidents identified through Box Shield alerts, providing critical insights and recommendations for containment and remediation.
- Implemented and configured pfSense firewalls, ensuring optimal traffic flow and security.
- Monitored and analyzed network traffic using tools like Wireshark to identify potential security threats and vulnerabilities.
- Collaborated with system administrators to integrate pfSense into the existing network infrastructure seamlessly.
- Spearheaded incident response efforts, specializing in identifying, containing, and mitigating security incidents related to pfSense.
- Configured and fine-tuned pfSense firewall rules to enhance network security and prevent unauthorized access.
- Conducted insider threat analysis using Microsoft Admin Exchange and other identity and access management tools.
- Demonstrated proficiency in identifying and countering various external attacks, providing real-world examples, and leveraging Cofense for phishing analysis.
- Utilized XSOAR for streamlined and efficient analysis of security incidents.
- Implemented ticket hygiene practices using ServiceNow to manage and prioritize incident response tasks.
- Ensured data loss prevention through proactive monitoring and controls, including Box Shield.
- Managed identity and access management, utilizing Microsoft Azure for Cloud App security.
- Spearheaded the implementation and ongoing management of DKIM, DMARC, and SPF protocols, fortifying email security and reducing the organization's susceptibility to phishing attacks.
- Led a cross-functional team in the execution of comprehensive email security assessments, identifying and remediating vulnerabilities, resulting in an enhanced email infrastructure with improved resilience against evolving threats.
- Implemented a real-time email traffic analysis system, significantly reducing response times to potential threats and contributing to a 20% decrease in successful email-based cyber-attacks.
- Conducted threat hunting activities using a combination of tools, including Akamai.
- Implemented phishing awareness programs and responded to phishing incidents.
- Demonstrated proficiency in report writing, conveying complex security findings to various stakeholders.
- Utilized PowerShell for incident response and automated security tasks.
- Conducted malware reverse engineering using tools like IDA Pro, OllyDbg, and others to understand and counteract sophisticated threats.
- Conducted comprehensive vulnerability assessments using Nessus, Nmap, and Rapid7 to identify and mitigate security weaknesses across diverse IT environments.
- In-depth experience with network security protocols and procedures.
- Monitored enterprise DLP systems (Code42, Box Shield) for data exfiltration attempts and provided remediation.

Information Security Analyst, October 2009 - August 2014
The Beige Bank, Accra, Ghana

- Monitored real-time security events via the SIEM (Splunk) console, conducting thorough event analysis and investigations.
- Performed SOC tabletop exercises.
- Analyzed network traffic for signs of malicious or abnormal activity, identifying potential attack vectors, leveraging network monitoring tools such as Wireshark and SolarWinds.
- Identified adversary Tactics, Techniques, and Procedures (TTPs) to develop technical mitigation strategies for preventing, controlling, and isolating security incidents, utilizing threat intelligence platforms like ThreatConnect and Recorded Future.
- Generated metrics reports and delivered presentations to leadership, providing valuable insights to aid in strategic decision-making processes.
- Utilized various threat hunting methodologies to proactively identify Indicators of Compromise (IoCs) in the production environment, leveraging tools such as Carbon Black and Splunk.
- Developed automation tools using scripting languages like Python to streamline and assist in the remediation of security incidents, enhancing response efficiency.
- Maintained and developed playbooks for Security Orchestration, Automation, and Response (SOAR) platforms such as Demisto and Phantom to ensure standardized incident handling procedures.
- Proficiently conduct vulnerability assessments utilizing Qualys Guard and Nessus, meticulously scrutinizing IT